IN THE CLAIMS:

52. (Original) A method for system security in distributed systems, comprising the steps of:

a) deriving freshness constraints from initial policy assumptions and an authentic 
statement; 

b) imposing freshness constraints by employing recent-secure authenticating 
principals to effect revocation; and 

c) verifying that a relation $|t_{\text{now}} - t_{\text{time stamp}}| < \delta$ is satisfied for verification of a
secure channel, where $t_{\text{time stamp}}$ being a time of a time stamp pertaining to a validity
assertion of a particular assertion, $\delta$ being a minimum necessary freshness constraint
pertaining to the particular assertion and $t_{\text{now}}$ being the time of verification;

53. (Currently Amended) A system for enforcing revocation in distributed 
systems, comprising: 

a) means for [[asserting]] creating a time-stamped validity assertion message
pertaining to the validity of an initial assertion;

b) means for asserting a freshness constraint[[s]] indicating a length of time
and relating to said initial assertion [[the initial assertions that the freshness constraints
relate to]]; and

c) means for verifying that a relation $|t_{\text{now}} - t_{\text{time stamp}}| < \delta$ is satisfied [[for each
particular assertion necessary for verification of a secure channel]], where $t_{\text{time stamp}}$ is a
[[time of a]] time stamp contained in said message [[pertaining to the validity assertion of a
particular assertion]], $\delta$ [[being]] is a selected constant that represents a minimum necessary
freshness constraint pertaining to said initial assertion [[the particular assertion]], and $t_{\text{now}}$ is
[[being]] the time of verification.

54. (Currently Amended) A system for protecting an authority of a 
distinguished principal and enforcing revocation when the authority is compromised, 
comprising:

a) a first means for issuing an authoritative assertion by a distinguished
principal;

b) a second means for asserting freshness constraints on the assertion;

c) a third means for asserting a time stamped validity assertion to the assertion
indicating the validity of the assertion at the time of the time stamp; and

d) means for verifying that a relation $|t_{\text{now}} - t_{\text{time stamp}}| < \delta$ is satisfied for each
particular assertion necessary for verification of a secure channel, where $t_{\text{time stamp}}$ being
the time of a time stamp pertaining to the validity assertion of the particular assertion, $\delta$
being the minimum necessary freshness constraint pertaining to the particular assertion,
and $t_{\text{now}}$ being the time of verification,

55. (Original) A system for issuing certificates in a system for enforcing 
revocation in distributed systems, comprising: 

a) means for issuing certificates for principals within an 
organization by the organization; 

b) means for asserting, by the organization, a principal authorized as an 
authority for issuing time stamped certificates; 

c) means for delegating authority for issuing time stamped 
certificates; 

d) means for asserting freshness constraints on assertions; and 

e) means for verifying that a relation $|t_{\text{now}} - t_{\text{time stamp}}| < \delta$ is satisfied for each
particular assertion necessary for verification of a secure channel, where $t_{\text{time stamp}}$ being
a time of a time stamp pertaining to the validity assertion of a particular assertion, $\delta$
being a minimum necessary freshness constraint pertaining to the particular assertion
and $t_{\text{now}}$ being the time of verification,

56. (Original) A system for system security in a distributed system network, 
comprising:

a) means for preparing a statement of an assigned revocation authority in a
distributed system network in response to a policy, said revocation authority statement 
being associated with an initial statement; 

b) means for preparing a statement of a freshness constraint period in the 
distributed system network in response to said policy, said freshness statement being 
associated with said revocation authority statement; 

c) means for preparing a validity statement at said assigned revocation 
authority in the distributed system network in response to said policy, said validity
statement including a verification status at some temporal reference; 

d) means for providing said revocation authority statement, said freshness 
statement, and said validity statement to a verification authority in the distributed system 
network; and 

e) means for selectively verifying said initial statement at said verification 
authority in response to said initial statement, said revocation authority statement, said 
freshness statement, and said validity statement. 
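
The verification recited in claims 52 to 56, as an added example that is not part of the claims or of any applicant code: each statement needed for the channel must have a validity statement from its assigned revocation authority whose time stamp satisfies the freshness relation. All names, the sample data, the choice of the smallest δ when several apply, and the use of the most recent validity statement are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Validity:
    subject: str       # id of the initial statement being vouched for
    issuer: str        # principal that issued the time-stamped statement
    valid: bool        # verification status at the time stamp
    time_stamp: float  # seconds since epoch

@dataclass(frozen=True)
class Policy:
    revocation_authority: dict  # statement id -> assigned authority
    freshness: dict             # statement id -> list of delta values (s)

def check_statement(stmt_id, validities, policy, t_now):
    """Return (ok, reason) for one initial statement."""
    authority = policy.revocation_authority.get(stmt_id)
    deltas = policy.freshness.get(stmt_id)
    if authority is None or not deltas:
        return False, "no authority or freshness constraint"
    delta = min(deltas)  # assumption: the strictest constraint governs
    # Only statements from the assigned authority count; others are ignored.
    mine = [v for v in validities
            if v.subject == stmt_id and v.issuer == authority]
    if not mine:
        return False, "no validity statement from assigned authority"
    latest = max(mine, key=lambda v: v.time_stamp)
    if not latest.valid:
        return False, "revoked"
    # The relation is symmetric, so a time stamp slightly ahead of the
    # verifier's clock (skew) passes as long as it stays within delta.
    if not abs(t_now - latest.time_stamp) < delta:
        return False, "stale"
    return True, "fresh"

def verify_channel(stmt_ids, validities, policy, t_now):
    """The channel verifies only if every required statement is fresh."""
    results = {s: check_statement(s, validities, policy, t_now)
               for s in stmt_ids}
    return all(ok for ok, _ in results.values()), results

def demo():
    # Constructed sample data.
    t_now = 1_000_000.0
    policy = Policy({"cert-A": "ra-1", "cert-B": "ra-1"},
                    {"cert-A": [3600, 300], "cert-B": [86400]})
    vals = [Validity("cert-A", "ra-1", True, t_now - 200),
            Validity("cert-B", "ra-1", True, t_now - 90000),
            Validity("cert-B", "other", True, t_now - 10)]
    return verify_channel(["cert-A", "cert-B"], vals, policy, t_now)
```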